Is the independence of some gateway reviews being compromised?

When Peter Gershon proposed the idea of a “gateway review” of IT-based projects and programmes in 1999, he emphasised that they must be independent.

Gateway reviews are supposed to be independent assessments of risky IT-dependent change programmes at various stages in their lifecycle.

Today, the independence of some gateway reviews in the NHS is in doubt: there is evidence suggesting that some gateway reviews are being carried out on the basis of reports from suppliers.


This could give rise to a perception – justified or not – that some of those taking part in gateway reviews may have a vested interest in a positive outcome.

Gershon, who later became Chief Executive of the Office of Government Commerce, which oversees IT in central government, is credited with devising the idea of gateway reviews. He said in his Review of Civil Procurement in Central Government in April 1999 that:

– projects should have distinct phases in their life-cycle

– the ‘gates’ between these phases can be characterised by sets of deliverables such as requirements specification, procurement plan, project management plan, risk management plan.

– deliverables should be assessed by people with relevant expertise who are independent of the project

– important ‘gates’ can be passed only as a result of successful reviews chaired by senior people who have no vested interest in the outcome of the review.

His idea that important gates can be passed only as a result of successful reviews has been subverted. Organisations such as the Rural Payments Agency went through gateway review “red lights” on the way to a failed Single Payment Scheme.

And now the independence of gateway reviews is in question after an NHS trust revealed that some gateway reviews related to Care Records Service – a central part of the NHS’s £12.4bn National Programme for IT [NPfIT] – are being carried out on the basis of reports prepared by the supplier, the Capital Care Alliance, a BT-led consortium that was appointed the local service provider in London under the NPfIT.

A 220 page document, published by Havering NHS Primary Care Trust, contains a section that is entitled: “Outline Business Case – for the implementation of the National Programme for IT Strategic Community Solution 2007 – 2011.” Havering, incidentally, includes Romford, Upminster, Rainham and Hornchurch.

Setting out an outline business case for the Care Records Service, the trust paper says in a section headed Gateway Reviews … “These are reviews carried out by London Connecting for Health based on reports prepared by [BT-led] Capital Care Alliance.”

Connecting for Health is an agency of the Department of Health. It runs the NPfIT.

It may be that BT is remarkably objective in its reports that end up with gateway reviewers. But we don’t know because the Department of Health has refused requests under the Freedom of Information Act to publish any gateway reviews on NPfIT projects.

The National Audit Office, too, has declined to give any details from the gateway reviews on the national programme – although it spent about £500,000 on producing a value-for-money report on the NPfIT last June.

Gateway reviews have a RAG status based on traffic lights – red, amber of green. Their independence is hailed as one of their chief virtues. They are run by the Office of Government Commerce which says:

“The Senior Responsible Owner uses the Risk Potential Assessment to determine the potential level of risk associated with a programme or project.

“For large, complex, and other high-risk programmes/projects the review team leader is appointed by the OGC Gateway team and leads a review team which is independent [my italics] of the department.

“For medium-risk programmes/projects, an independent team leader is appointed by the OGC Gateway team to lead a review team drawn from independent [my italics] departmental staff.

“For low-risk programmes/projects, departments appoint the independent [my italics] leader and team members from within the department. Where departmental staff are used in this way, they must be independent [my italics] of the programme or project under review and its associated senior management.”

John Oughton, former Chief Executive of the Office of Government Commerce, claims that gateway reviews are an “intrusive” process. He told the Public Accounts Committee in November 2006

“For all the key programmes-the top 20, if you like-and for all the mission critical programmes, we expect and demand that gateway reviews are undertaken at specified points.

“For the top 20 programmes, we have now laid down a plan with milestones so that gateway reviews are done at particular points… If a gateway report produces a red rating, that rating says to the Department, “On this project or programme, there is some urgent action that you must take straight away.” If red ratings occur twice in a row, I will intervene with the accounting officer in the Department- with the permanent secretary – to draw that to their attention, and I would expect action to be taken.

“So, the gateway review process is not a soft process at all; it is actually quite a hard and intrusive process, which identifies issues that need to be tackled straight away and, in the case of red recommendations, obliges that Department to lodge with us an action plan in response to the red rating.”

**

My comment:

We believe that reviews carried out on the basis of reports of suppliers undermine the credibility of the gateway scheme, and may possibly be a waste of time and public money.

And because of the secrecy, we, the funding public, are in no position to know whether flawed projects are passing reviews. The Information Tribunal is considering whether to order the government to publish gateway reviews on ID cards. The Office of Government Commerce is fighting hard to keep them secret.

We believe that continued secrecy can only promote inefficiency – or worse.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close